With a new cloud solution, business application security provider ERPScan is targeting what it says is the most underestimated area of SAP cybersecurity – security of customisation.
Organisations must identify vulnerabilities and backdoors in static ABAP code, as well as spend time develop secure source code, to effectively close the door to cyberattacks or fraud.
According to ERPScan, its SAP Code Security SaaS will remove the need for additional intervention on both fronts, while still maintaining security. It will combine the ERPScan Security Monitoring Suite engine, with the expertise of the company’s research and threat intelligence teams as well as new technologies.
Customers will be able to upload program code from their SAP systems into ERPScan’s cloud platform, and rather than just a list of identified issues, will receive a solution consisting of corrected code parts, alternative remediation fragments, and virtual patching for detected vulnerabilities, which can be imported into IPS systems from Cisco, CheckPoint, Fortinet, or other vendors.
The solution can identify 130 types of issues in custom ABAP code, such as software vulnerabilities like directory traversal or SQL injections; backdoors designed to conduct malicious actions; access control violations; and obsolete statements which may affect operations during updates or migration.